I've set up a vsftpd server with local users jailed within their home directories. Anyhow, if I connect through an FTP client I can execute system calls with the "!" command. How can I configure vsftpd to deny those calls?

```
ftp> ! cat /etc/shadow
... Working! Contents of /etc/shadow will be visible ...
```

Update:

The problem was that the vsftpd server was running with root rights and was thus able to read the shadow file.

But the question is still there:

How can I disable those system calls in general?

m13r
    `!` commands are executed by the ftp client, in the client system. The server can't block them because it never sees them. In fact you can do a `!` command when you're not connected to any server at all. – dave_thompson_085 Jun 02 '16 at 08:17

1 Answer

Commands that start with an exclamation mark `!` escape the FTP client and are executed locally with the rights of your local user. They don't run on the server; actually, they won't even reach the server, so there is nothing for vsftpd to block.

HBruijn
    So it only worked cause I was connected to localhost to test the ftp server... Thanks! – m13r Jun 02 '16 at 08:25
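
The behaviour described in the answer, as an added example that is not part of the original posts: a constructed stub server records every line it receives on the control channel, while a simplified client handles `!` lines locally. The names `stub_server`, `run_client` and `demo` are hypothetical, and the client sends protocol verbs directly rather than translating user commands as the real `ftp` program does.

```python
import socket
import subprocess
import threading

def stub_server(conn, seen):
    """Constructed stand-in for an FTP server: logs each control-channel line."""
    with conn, conn.makefile("rwb") as chan:
        chan.write(b"220 stub ready\r\n")
        chan.flush()
        for raw in chan:
            cmd = raw.decode().strip()
            seen.append(cmd)
            chan.write(b"221 bye\r\n" if cmd == "QUIT" else b"200 ok\r\n")
            chan.flush()
            if cmd == "QUIT":
                break

def run_client(sock, lines):
    """Simplified client dispatch: '!' lines go to a local shell, the rest to the server."""
    local_output = []
    with sock, sock.makefile("rwb") as chan:
        chan.readline()  # consume the 220 greeting
        for line in lines:
            if line.startswith("!"):
                # Shell escape: runs on the client host with the client user's rights.
                done = subprocess.run(line[1:], shell=True, capture_output=True, text=True)
                local_output.append(done.stdout.strip())
                continue  # nothing is written to the control channel
            chan.write(line.encode() + b"\r\n")
            chan.flush()
            chan.readline()  # consume the server's reply
    return local_output

def demo():
    """Run one constructed session and return (lines the server saw, local shell output)."""
    seen = []
    client_sock, server_sock = socket.socketpair()
    worker = threading.Thread(target=stub_server, args=(server_sock, seen))
    worker.start()
    local = run_client(client_sock, ["PWD", "! echo ran-locally", "QUIT"])
    worker.join()
    return seen, local

if __name__ == "__main__":
    seen, local = demo()
    print("server saw:", seen)
    print("local shell output:", local)
```

The server's record contains only `PWD` and `QUIT`, which is why no vsftpd setting can filter the escape: restricting it is a matter for the client host's own account and shell permissions.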